Hacking Wireless

[Radical Dreamer]

No its not what you think. I just wanna know some of the things to watch out for when placing a wireless network in a business. We know to turn off the SSID broadcast and use WEP and it might even be possible for us to lock it to the MAC address, but what are some of the things that I should watch out for?

I got netstumbler and it doesnt even see the network as existing, any other "script kiddie" tools I might wanna check out to see if our network is vulnerable?

BTW, we are using Cisco WAPS if it makes any difference

[TheLow1]

Some other wireless tools to use are

Airsnort
Airopeek

There is also a program called "nsspyglass" that can detect Netstumbler users.

I would make sure to specify the MAC addresses of your cards. You could also dissable DHCP and use an obscure subnet ( 192.168.34.XXX)

That is about it off the top of my head.

[rgharper]

Sorry, no idea on hack tools but some advice nonetheless.

You've got the most important security features pretty well covered. Turning off the SSID will deter the casual snooper, adding WEP will turn off most of the non-serious hackers. If you can lock down the MAC addresses the wireless device will accept that should be about 95% of the battle.

Your only worry now would be eavesdroppers - maybe they don't want in but they might well capture your packets and try to post-mortem crack them in the hopes of recovering some data with lasting value. You can probably all but eliminate that possibility by using PPTP or some other form of encrypted secure connection (Citrix, etc) to add further encryption to the mix.

[techmonkey13]

Since you are using Cisco Waps you could look at using 802.1x for additional security.

If you have Windows 2000 server you could integrate Radius into the process.

The initial setup can seem confusing, but is a cool gig.

The idea behind 802.1x is that the client and essentially the WAP are negotiating a random WEP key that say rotates every 900 seconds.

Using MAC filtering is also a good idea.

Each layer of defense usually makes the hacker just say "oh well there are easier targets"

Just having WEP enabled is usually light years ahead of most people. Just do a little war driving and I bet you can get into atleast 50% of the network scanned, because they have not WEP.

Good Luck,

[craigmodius]

Most of the quick lockdown strategies I've read are variations of this one. They pretty much say that if something like Netstumbler doesn't see it then you're in good shape.

The firewall placement they talk about in the article is a good reccomendation, but seems like it would be hard to realistically configure.

You can never make things completely secure. If a hacker wants in badly enough they'll get in. You just need to make it not worth their time, so they'll go bug someone else.

[groundzero]

You could check to see if Kismet sees it too.